Discussion On Security Assessment Report
- 27th Feb, 2019
- 16:28 PM
A threat actor is any entity or person involved in an act or incident that affects the safety and security of another entity. These are usually individuals or groups that act against organizations of various sizes and types. Threat actors are further grouped as unintentional, intentional, external and internal.
TOOLS/TECHNIQUES USED:
A very common type of threat is cyber espionage, in which malicious tools are created and maintained. These contain malware that is used for hacking purposes. The tactic these actors use to gather network information is reconnaissance. Once they have hacked the network, they move very quietly. The tools used include keyloggers, rootkits, tools to bypass air gaps in proxy networks, the Haymaker backdoor, Scanbox, etc.
From a techniques perspective, advanced spear phishing is carried out through a known email. Some groups use the technique of satellite hacking, which lets them hack from any place while remaining anonymous. Sometimes keyloggers are installed in places where the system is made available to the public. This consists of a malware downloader which collects information.
EXAMPLES OF SOCIAL ENGINEERING ATTACKS:
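In 2013, the Twitter account of the Associated Press tweeted, "Breaking: Two Explosions in the White House and Barack Obama is injured." The Syrian Electronic Army had hijacked the account. Similar attacks were carried out against various media organizations during that period. The immediate result was a crash in the stock market. This attack was conducted through phishing. The tweet closely imitated a genuine one and hence wasn't identified as fake.
In 2013, every single customer account at Yahoo, i.e. more than 3 billion accounts, was hacked. This happened because an engineer at Yahoo failed to catch a spear-phishing email. The hacked data was then made available for sale, and the personal information obtained from these accounts could be used to target similar attacks.
In 2011, RSA was hacked, which gave the hackers access to information about the company's SecurID two-factor authentication fobs. The hackers further used this data to hack Lockheed Martin's network. The hacking was done by emailing four employees from a spoofed address of a job recruitment website. The email included an Excel attachment titled '2011 Recruitment Plan'. When the employees opened this attachment, a zero-day Flash exploit embedded in the spreadsheet installed backdoor access to the work machines. This gave direct access to the data.
In 2015, Ubiquiti, a specialized manufacturer of Wi-Fi hardware and software based in San Jose, was hacked through employee impersonation. The accounting department received emails purporting to be from the company's Hong Kong location. These emails contained information regarding changes in bank account details, new accounts, etc. The accounts team made the respective changes. The hacking resulted in the transfer of $47 million to an overseas account owned by the hackers.
RATIONALE BEHIND SOCIAL ENGINEERING ATTACKS IN US:
It should be well understood that technology alone cannot manage security. The employees of any company are the first to notice any security breach activity. However, they are also the most vulnerable link in an attack. If they fail in judgment, it leads to successful attacks.
The number of social engineering attacks is large in the USA because the USA houses many big firms. Most cyber-attacks are carried out to get access to data. Since these firms are housed in the USA, many cyber-attacks take place here. Many targeted firms are social media platforms, since they hold huge databases. Because major social networking sites operate in the USA, we see many social engineering attacks happening there.
The USA also hosts the headquarters of major multinational companies. Sensitive information is therefore available in these locations, which makes the USA a major target for cyber-attacks. It is also one of the most powerful and developed nations, so threat actors or organizations that have something against other organizations hire cyber attackers to target them. Many Russian and Chinese hackers are constantly involved in attacking US entities.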
RATIONALE BEHIND SOCIAL ENGINEERING ATTACKS IN US
It should be very well understood that technology cannot alone manage security. The employees of any company are the first to notice any security breach activity. However, they also act as the most vulnerable link to an attack. If they fail in judgment, it leads to successful attacks.
The number of social engineering attacks is large in USA because USA houses many big firms. Most cyber-attacks are carried out to get access to data. Since these firms are housed in USA, many cyber-attacks take place here. Many targeted firms are social media platforms since they provide huge database. Because major social networking sites work in USA, we can see many social engineering attacks happening in USA.
USA also happens to have headquarters of major multinational companies. Therefore sensitive information is available in these locations which make USA a major target for cyber-attack. It is also one of the most powerful and developed nation, so cyber attackers especially threat actors or organizations have something against other organizations which makes them hire the cyber attackers to target these organizations. There are many Russian and Chinese hackers who are constantly involved in taking attacking US entities.